Memory engine and scanner designed for iOS and macOS platforms that leverages the Mach API to perform memory scanning and manipulation tasks. It offers capability to scan, search, read, write, allocate, deallocate memory in a target process, providing powerful tools for debugging, reverse engineering, or enhancing the capabilities of applications through dynamic memory analysis.
- macOS/iOS
- Mach API && Mach-O
- c++1x
- #include "CGuardMemory/CGPMemory.h"
Added functions
ChangeMemoryProtectionVMTHook- RebindSymbol
- RebindSymbols
RemapLibrary- ParseIDAPattern
- ScanPattern
- ScanIDAPattern
AddrRange SearchRange = (AddrRange){0x100000000, 0x300000000};
static vector<void*> Addr;Initialize the memory engine with the task port of the target process
CGPMemoryEngine Engine = CGPMemoryEngine(mach_task_self());Get base address by simply passing lib name into this function
uintptr_t ImageBase = Engine.GetImageBase("MainLib"); - Memory Scanning and Searching: Search memory regions for specific patterns or data, use CGP search types.
// Scan float value
float Search = 3566.004f;
Engine.CGPScanMemory(SearchRange, &Search, CGP_Search_Type_Float);
// Search nearby
float SearchNearby = 0.267f;
Engine.CGPNearBySearch(0x100, &SearchNearby, CGP_Search_Type_Float);
// Get all values
Addr = Engine.GetAllResults();
// Scan int value
int Search = 728949301;
Engine.CGPScanMemory(SearchRange, &Search, CGP_Search_Type_SInt);
// Get 40 values
Addr = Engine.GetResults(40);- Reading/Writing Memory: Directly read from or write to specific memory addresses.
// Write to address
long WriteAddress = 0x1abc;
char newData[] = {0x01, 0x02, 0x03, 0x04};
Engine.CGPWriteMemory(WriteAddress, newData, sizeof(newData));
// Scan and Write
double ChangeValue = 12.5249042791403535;
// Scan double value
if (Addr.size() == 0) {
double Search = 12.6664287277627762;
Engine.CGPScanMemory(SearchRange, &Search, CGP_Search_Type_Double);
// Get 80 values
Addr = Engine.GetResults(80);
}
// Write to address
for (int i = 0; i < Addr.size(); i++) {
Engine.CGPWriteMemory((long)Addr[i], &ChangeValue, CGP_Search_Type_Double);
}
// Read
unsigned long long readAddress = 0x1abc;
size_t dataLength = 4;
void* data = Engine.CGPReadMemory(readAddress, dataLength);
if (data) {
// Process data
free(data);
}
- Memory Allocation/Deallocation: Manage memory dynamically within a target process.
size_t allocSize = 1024; // size of memory to allocate
void* allocatedMemory = Engine.CGPAllocateMemory(allocSize);
// use allocated memory...
memoryEngine.CGPDeallocateMemory(allocatedMemory, allocSize);- Memory Protection: Modify the protection attributes of memory regions.
void* protectAddress = allocatedMemory; // previously allocated memory
size_t protectSize = 1024;
Engine.CGPProtectMemory(protectAddress, protectSize, VM_PROT_READ | VM_PROT_WRITE);- Address Querying: Retrieve detailed information about memory regions.
kern_return_t kr = Engine.CGPQueryMemory(address, &size, &protection, &inheritance);You are welcome to change and do whatever you want with this code